Using Connectbot for SSH with pubkey authentication on Android

Updated July 4, 2015
This how-to was posted at a time when I was using an HTC Legend and an Ubuntu 8.10 server. This was back in 2010. I have done some checking of this how-to, and I have verified that the instructions are still valid today (July 2015). Nowadays I use a Samsung Note 4 and my SSH server is a Raspberry Pi running a standard Raspbian OS.

Life is still simple 🙂

Tools used for this proof of concept:

HTC Legend with Android 2.1 (2010). Samsung Note 4 (2015).

Connectbot 1.6.2 (Current version is 1.8.4)

Linux server with pubkey authentication

This tutorial also assumes that you have a fair understanding of setting up pubkey authentication. Note: Running standard password-based authentication for SSH is not covered in this post. With Connectbot, that’s just as easy as with any SSH client.

How it’s done

Install Connectbot from Google Play Store, and start it up.

Click the Menu button on the phone. Newer versions of Connectbot now also have a menu button inside the app.

Click “Manage pubkeys”.

Click the Menu button on the phone.

Click “Generate”.

Now you have the options for key generation. For this particular purpose, I created a standard DSA key without a password. I checked the “Load key on start” option.

You will help out with the key generation by sliding your finger across the box that’s presented. Generating the key takes some time, and I guess that using a slower phone will extend the generating time.

When all is done, it’s time to retrieve the public key. I highlighted this because I’ve seen a lot of comments and questions on the web about whether key-based authentication with Connectbot works, and how to retrieve the public key.

Click “Manage pubkeys” after clicking the menu button on the phone. You might have to take some steps back to get this option available.

You will see your generated key. Tapping it will switch from locked to unlocked.

Now, most people would click the menu button again and be pretty disappointed to see that there’s an “import” option, but no “export” option. Simply hold your finger on the key in the list until a menu pops up.

Click “Copy public key”. Now the key is in the clipboard on your phone. I have also checked the option “load key from start”. Do NOT copy and send the private key!!

Now, it’s up to you how to load the public key to your server. The following steps explain the method I used.

I used an email client on the phone. To paste the copied pubkey, just press and hold your finger in the email body area (where you write your message). A menu pops up, and you have the option to paste the clipboard contents.

As you may have guessed, I sent the pubkey to a computer that already has its pubkey on the server.

Simply retrieve the pubkey from your inbox and copy/paste the key text into a file. Name it “my_phone__id_dsa.pub” or something. From there on you would probably do a scp my_phone__id_dsa.pub user@server:~/.ssh and log on to the server and do a cat ~/.ssh/my_phone__id_dsa.pub >> ~/.ssh/authorized_keys.

Again, it’s up to you how to deliver the pubkey. A safer method would be to save the pubkey to a text document, and transfer it with a physical phone->computer connection. Using email, your pubkey could fall into the hands of someone else. Although, with a properly set up SSH server of the latest version, the pubkey alone would be of no value to an intruder…
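The server-side step above (copy the pasted key over, append it to authorized_keys), written as a shell function that checks the pasted text before installing it. This is an added example, not part of the original how-to; the function name install_pubkey and the sample key are made up for illustration, and it assumes the base64 utility is installed.

```shell
#!/bin/sh
# Added example (hypothetical helper): check a pasted public key file, then
# append it to authorized_keys. Usage: install_pubkey FILE [AUTHORIZED_KEYS]
install_pubkey() {
    src=$1
    auth=${2:-"$HOME/.ssh/authorized_keys"}
    # Never install a file that carries private key material.
    if grep -q 'PRIVATE KEY' "$src"; then
        echo "refusing: $src contains a private key" >&2; return 1
    fi
    # A public key is a single line; a mail client that wrapped it leaves several.
    if [ "$(tr -d '\r' < "$src" | grep -c '[^[:space:]]')" -ne 1 ]; then
        echo "refusing: expected exactly one key line in $src" >&2; return 1
    fi
    line=$(tr -d '\r' < "$src" | grep '[^[:space:]]')
    # Fields: key type, base64 blob, optional comment.
    type=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $type in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        # OpenSSH 7.0 and later disable ssh-dss (DSA) keys by default.
        ssh-dss) echo "warning: DSA key, the server may not accept it" >&2 ;;
        *) echo "refusing: unknown key type '$type'" >&2; return 1 ;;
    esac
    # The decoded blob starts with a 4-byte length and then the type name;
    # text that is not base64 or belongs to another key type fails here.
    inner=$(printf '%s' "$blob" | base64 -d 2>/dev/null | tail -c +5 | head -c "${#type}")
    if [ "$inner" != "$type" ]; then
        echo "refusing: key blob does not match type $type" >&2; return 1
    fi
    # With StrictModes (the default) sshd rejects key files that other
    # users can write to, so keep the directory and file private.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    # Append only if this key blob is not already listed.
    grep -qF -- "$blob" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Constructed sample: an all-zero ed25519 public key, not a real credential.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA phone@example'
```

On the server, after the scp step, this would be run as install_pubkey ~/.ssh/my_phone__id_dsa.pub.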

Strange. I'm using a Scandinavian keyboard myself. But I don't have the problem you describe, and switching to a normal English keyboard was also problem free. My guess is that some other language or keyboard setting messes it up for you.

Worked great, thanks. Now we just need a tutorial on how to open this securely out to the Internet, beyond our internal network, and tunnel connections. For example, how to tunnel server management apps or web browsers through the SSH connection.
Also in my case I pasted the exported public key to a text file using a text editor on the phone, then uploaded that to my Dropbox folder, and then pulled that down on the other side. You could also just transfer the file by USB.

Thanks. I know there’s a port forwarding functionality in Connectbot, but I cannot say that I have used it successfully. My non-rooted HTC Legend doesn't offer that much when it comes to control of the routing. No one knows what goes over VPN or not, and I have serious trouble finding out how to get MySQL working through VPN+Connectbot forwarding..